When Vice Director Carlson brought this to my attention a short time ago, I asked Harold to look into 3 things: what is being tracked, by whom, and for what purpose. It is not hard to turn tracking off, but the questions should be answered all the same. It is also easy to turn off iOS applications that are not in current use, but I have no idea how many Apple device users actually do it. I do it regularly to save battery. I will let Harold speak for himself about what he has discovered. In any case, facts about the app must be fully disclosed to users, including how to disable tracking if tracking cannot be removed from the app altogether. We are taking heat from members who want an app for their devices, yesterday. But we need answers from Nxtbook/Apple. 73, Kay N3KN Sent from my iPhone On Nov 2, 2012, at 6:47 PM, dick@pobox.com wrote:
2 NOV 2012 - 1747 CDT
To all ARRL Officers, Directors, and Vice Directors:
Even though I am a heavy user of Information Technology, I have never been a user of Apple devices of any type. Therefore, it has taken more time than I planned to research the potential security issues with the Apple iOS digital QST application.
This message consists of two parts; a brief discussion of the issues, followed with a series of questions that should be answered before any decision is made to publicly release and support the use of our Apple iOS digital QST application.
Potential Security Issues With Apple iOS Digital QST Application
1. According to Harold Kramer, the Apple iOS QST App does send tracking information to somebody. It is assumed that this information is de-identified, only includes the current geographic location of the user, and is sent to Apple.Com, or an Apple contractor. Without a verified, detailed description (from Apple?) of all of this data, there is no way of making a proper judgement of the user's data security when using this application.
2. I understand the default setting of this "data tracking feature" is ON. It can be turned OFF, but the labeling and wording used to control this "feature" is not clearly understood. At the least, I suggest the default setting for this tracking process should be OFF with a warning displayed when the user chooses to activate it.
3. When the user stops using this QST App, it is still active and could continue to send data as long as the user's device is turned on. I think most iOS users do not know this is going on.
4. There is at least one Apple iOS hacking program available at http://www.iphonetracker101.com/iphone-tracking-app that can be used to view and record keystrokes and phone audio. I suspect there are also one or more Apple iOS hacking programs that enable the insertion of program (trojans) that will command the targeted Apple iOS device send specified data to anonymous third party(s) without the knowledge of the device user.
Questions That Should Be Answered Before Releasing the Apple iOS Digital QST Application
1. Harold Kramer told me that Chris Imlay has vetted this contract, but I still don't know who is the contractor. Who is the contractor? What are we paying for this application?
2. What data is being collected? I can understand pages-read data that would be of used by ARRL staff to improve magazine content. The same goes for clicks on active links to track advertising response.
But if things like the reader's current location, the reader's use of other applications, any financial or personal transactions by the reader, the reader's keystrokes, etc. are being sent out... the ARRL should not be receiving this information. We already have the user's ARRL membership and ham radio license data. What more do we need?
3. Is this application is sending data to third parties - without the user's knowledge or agreement? Depending on the data being sent, the ARRL could be held liable for damages.
4. Is there a clearly worded, easily accessed, option allowing the user to permanently stop this data collecting?
I have probably missed some points and I welcome comments and suggestions on these issues. Here is one final question for my fellow directors.
5. Do you think the ARRL Board of Directors should formally approve this IT project? In view of our past IT problems, I believe we should vote on releasing and supporting this Apple iOS digital QST application.
73 - Dick Isely, W9GIG
_______________________________________________ arrl-odv mailing list arrl-odv@reflector.arrl.org http://reflector.arrl.org/mailman/listinfo/arrl-odv